On 07/31/2014 07:59 PM, Josh Crane wrote:

> SSL *clientSsl =
> fd_table[request->clientConnectionManager->clientConnection->fd].ssl;
> BIO *b = SSL_get_rbio(clientSsl);
> Ssl::ClientBio *clnBio = static_cast<Ssl::ClientBio *>(b->ptr);
> const Ssl::Bio::sslFeatures &features = clnBio->getFeatures();
> ...
> if (!features.serverName.empty())
>     SSL_set_tlsext_host_name(ssl, features.serverName.c_str());
>
> <<
> Given the above and related code within bio/clientbio, I'd like to be
> able to call SSL_get_servername() or similar to grab the target https
> hostname (via TLS SNI) from within httpsAccept() (ie before a peek is
> performed).
> Is this possible?

It is possible in client-first bumping mode (which has many limitations unrelated to SNI, unfortunately).

Server-first bumping peeks at the origin server before the handshake with the client (in the current official code). To get SNI info, Squid has to receive and process the SSL client Hello. The combination prohibits you from using SNI with server-first bumping (without all the extra BIO work performed by the Peek and Splice branch).

> and given that's all I want from the peek/slice branch atm, is it
> easy enough to merge the relevant sections with stable to achieve
> what I want?

I believe the ease of porting that code depends on the bumping mode (see above). Please keep in mind that the Peek and Splice branch should be submitted for official audit very soon.

> Also, is it possible to get the peek/slice branch neatly packaged for
> config/compilation on generic (various) distributions?

Possible but hopefully pointless because I hope the polished Peek and Splice code will be officially accepted in the near future. If you want to help with polishing and testing, please let me know.

HTH,

Alex.
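The reply above turns on the proxy having to receive and process the client Hello before SNI is available. The following is an added example, not part of the original message and not Squid code, of what that processing involves: a bounds-checked extraction of the server_name extension from the raw bytes. The names `Reader`, `sniFromClientHello` and `sampleClientHello` are hypothetical, the sample bytes are constructed, and the whole ClientHello is assumed to sit in one TLS record already in the buffer.

```cpp
#include <cstdint>
#include <string>
#include <vector>

// Bounds-checked cursor over untrusted bytes; any overrun clears ok.
struct Reader {
    const uint8_t *p; size_t n; bool ok;
    uint32_t u(size_t k) {                        // big-endian integer of k bytes
        if (n < k) { ok = false; n = 0; return 0; }
        uint32_t v = 0; for (; k--; --n) v = (v << 8) | *p++;
        return v;
    }
    Reader sub(size_t len) {                      // carve out a length-prefixed field
        if (len > n) { ok = false; len = n; }
        Reader r{p, len, ok}; p += len; n -= len; return r;
    }
};

// Returns the SNI host_name from one complete TLS record, or "" if absent or malformed.
std::string sniFromClientHello(const uint8_t *buf, size_t len) {
    Reader rec{buf, len, true};
    if (rec.u(1) != 0x16) return "";              // not a handshake record
    rec.u(2); Reader hs = rec.sub(rec.u(2));      // skip record version, take the fragment
    if (hs.u(1) != 0x01) return "";               // not a ClientHello
    Reader body = hs.sub(hs.u(3));
    body.u(2); body.sub(32);                      // client_version, random
    body.sub(body.u(1)); body.sub(body.u(2)); body.sub(body.u(1)); // session_id, cipher_suites, compression
    Reader exts = body.sub(body.u(2));
    while (exts.ok && exts.n > 0) {
        uint32_t type = exts.u(2);
        Reader ext = exts.sub(exts.u(2));
        if (type != 0) continue;                  // 0 = server_name extension
        Reader list = ext.sub(ext.u(2));          // ServerNameList
        while (list.ok && list.n > 0) {
            uint32_t nameType = list.u(1);
            Reader name = list.sub(list.u(2));
            if (name.ok && nameType == 0) return std::string((const char *)name.p, name.n); // 0 = host_name
        }
    }
    return "";
}

// Constructed sample: minimal ClientHello carrying SNI "example.com".
std::vector<uint8_t> sampleClientHello() {
    std::vector<uint8_t> m = {0x16,3,1,0,0x43, 1,0,0,0x3f, 3,3};  // record hdr, handshake hdr, version
    m.insert(m.end(), 32, uint8_t(0xAA));                         // random
    for (uint8_t b : {0, 0,2,0xc0,0x2f, 1,0, 0,0x14, 0,0, 0,0x10, 0,0x0e, 0, 0,0x0b}) m.push_back(b);
    for (char c : std::string("example.com")) m.push_back((uint8_t)c);
    return m;
}
```

An empty result covers both "no SNI sent" and "record truncated or malformed", so a caller that needs to tell them apart has to buffer until the full record length has arrived before parsing.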